String Return in PHP..... with SQL

Question

Am having a problem with my PHP. I have a for loop as below:

$todays_date = date("Y-m-d H:i:s");
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

$artistConcentrate = '$_POST[ArtistField_'.$numIncrement.']';
$titleConcentrate = '$_POST[TitleField_'.$numIncrement.']';
$mixConcentrate = '$_POST[MixField_'.$numIncrement.']';

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('$_SESSION[promo_ID]', '$numIncrement', '$todays_date', '{$artistConcentrate}', '$titleConcentrate', '$mixConcentrate', '$_SESSION[CampaignTitle]')";
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

}

My problem is that the $artistConcetrate variable literally returns $_POST[ArtistField_1] and that value displays in the SQL table on PHPMyAdmin as so, any chance I can get it to actually return the value of what was submitted as POST[ArtistField_1], as this will be auto incremented through the loop so artistfield_2 etc will be inserted into the table.

I am aware of SQL injection problems that may occur from the above but will update my code after the solution has been found.

Many thanks for any advice on this.

CP

It's the array keys you want to be concatenating in $_POST, not the entire PHP variable expression: $_POST['AritistField_' . $numIncrement] — Michael Berkowski
– Michael Berkowski, Commented Jul 6, 2013 at 12:15
"INSERT statements that use VALUES syntax can insert multiple rows." - dev.mysql.com/doc/refman/5.1/en/insert.html so please build a $query in a loop and fire mysql_query only once after the loop with that $query.. — fr4nk
– fr4nk, Commented Jul 6, 2013 at 12:19
Funny how people still invent hot water and append numbers to strings which are used to name array keys, when we have this awesome thingy called - array. What's so wrong by having $_POST['ArtistField'][$numIncrement]? It's so much cleaner for you to work with, not to mention it's much simpler. — N.B.
– N.B., Commented Jul 6, 2013 at 12:47

whizzzkid · Accepted Answer · 2013-07-06 12:19:36Z

1

try this

$todays_date = date("Y-m-d H:i:s");
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

$artistConcentrate = $_POST["ArtistField_".$numIncrement];
$titleConcentrate = $_POST["TitleField_".$numIncrement];
$mixConcentrate = $_POST["MixField_".$numIncrement];

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('".$_SESSION['promo_ID']."', '".$numIncrement."', '".$todays_date."', '".$artistConcentrate."', '".$titleConcentrate."', '".$mixConcentrate."', '".$_SESSION['CampaignTitle']."')";
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

}

answered Jul 6, 2013 at 12:19

whizzzkid

1,33414 silver badges31 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Chris P Over a year ago

Whizzkid you definitely live up to your name, that worked perfectly. The numbers are inserted into my table and increment in order.

whizzzkid Over a year ago

@ChrisP Nice to hear that, please mark this answer as accepted by clicking the tick on the left.

Goutam Pal · Accepted Answer · 2013-07-06 12:22:44Z

0

$artistConcentrate = '$_POST[ArtistField_'.$numIncrement.']';
$titleConcentrate = '$_POST[TitleField_'.$numIncrement.']';
$mixConcentrate = '$_POST[MixField_'.$numIncrement.']';

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('$_SESSION[promo_ID]', '$numIncrement', '$todays_date', '{$artistConcentrate}', '$titleConcentrate', '$mixConcentrate', '$_SESSION[CampaignTitle]')";

should be

$artistConcentrate = $_POST[ArtistField_'.$numIncrement.'];
$titleConcentrate = $_POST[TitleField_'.$numIncrement.'];
$mixConcentrate = $_POST[MixField_'.$numIncrement.'];

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('".$_SESSION[promo_ID]."', '".$numIncrement."', '".$todays_date."', '".$artistConcentrate."', '".$titleConcentrate."', '".$mixConcentrate."', '".$_SESSION[CampaignTitle]."')";

answered Jul 6, 2013 at 12:22

Goutam Pal

1,7531 gold badge10 silver badges14 bronze badges

1 Comment

N.B. Over a year ago

No it shouldn't be that, take a look again what you did.

abhinsit · Accepted Answer · 2013-07-06 12:23:02Z

You can use mysql_real_escape_string function for this purpose:-

Here is the documentation link:- http://php.net/manual/en/function.mysql-real-escape-string.php

In your code you can do:-

$todays_date = date("Y-m-d H:i:s");
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

$artistConcentrate = mysql_real_escape_string($_POST['ArtistField_'.$numIncrement]);
$titleConcentrate = mysql_real_escape_string($_POST['TitleField_'.$numIncrement]);
$mixConcentrate = mysql_real_escape_string($_POST['MixField_'.$numIncrement]);

$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES('$_SESSION[promo_ID]', '$numIncrement', '$todays_date', '{$artistConcentrate}', '$titleConcentrate', '$mixConcentrate', '$_SESSION[CampaignTitle]')";
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

}

Do remember to check mysql_set_charset() which would affect the result. Study documentation link given above.

fr4nk · Accepted Answer · 2013-07-06 12:37:29Z

Modifying @whizzzkid Code:

$todays_date = date("Y-m-d H:i:s");
$query2 = "INSERT INTO trackdata (promo_ID, track_orderno, track_dateofcreation, track_artist, track_title, track_mix, track_promo_title) VALUES ";
for ($k=0; $k < $_SESSION[CampaignTrax]; $k++) {
                        $numIncrement = $k +1;

    $artistConcentrate = $_POST["ArtistField_".$numIncrement];
    $titleConcentrate = $_POST["TitleField_".$numIncrement];
    $mixConcentrate = $_POST["MixField_".$numIncrement];

    $query2 .= "(".$_SESSION['promo_ID']."', '".$numIncrement."', '".$todays_date."', '".$artistConcentrate."', '".$titleConcentrate."', '".$mixConcentrate."', '".$_SESSION['CampaignTitle']."'),";

}
$query2 = substr($query2, 0, -1);
mysql_query($query2) or die('Error in MySQL query. Here is the error message: '.mysql_error());

This fires mysql_query only once.

Collectives™ on Stack Overflow

String Return in PHP..... with SQL

4 Answers 4

2 Comments

1 Comment

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

2 Comments

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related